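<?php

/**
 * Logs a worker in.
 *
 * The credentials collected by login_form.php are expected in the session
 * ($_SESSION['username'] and $_SESSION['password']). The matching row is read
 * from workertrack.worker, the submitted password is hashed with the stored
 * salt via crypt() and compared against the stored hash, and the browser is
 * redirected to LoginResult.php with $_SESSION['login'] set to 1 on success
 * or 0 on failure.
 *
 * Nothing is echoed before header() is called: any output sent first makes
 * PHP emit "headers already sent" and the redirect silently never happens,
 * which is why the earlier "no such user" / "password is incorrect" echoes
 * were dropped. Every failure path also ends in exit so execution cannot
 * fall through into the code that expects a user row.
 *
 * Requires PHP >= 5.6 for hash_equals().
 */
require_once "DBConnection.php";
//require_once "security.php";        // TODO: session_hijacking_prevention() and is_spoofing("login") live there
//require_once "./Objects/User.php";  // no longer needed here: the User object built on success was never used
//require_once "authentication.php";

session_start();

// Both credentials come from the session (filled in by the login form handler).
// Without them there is nothing to verify: send the user back to the form.
if (!isset($_SESSION['username'], $_SESSION['password'])) {
    $_SESSION['login'] = 0;
    header('Location: login_form.php');
    exit;
}

$connection = new Connection();

// mysql_real_escape_string() needs the MySQL link that Connection opens above.
// TODO(review): Connection::execute_query() takes a raw SQL string; switching it
// to a prepared statement with a bound parameter would remove this escaping step.
$username = mysql_real_escape_string($_SESSION['username']);
$password = $_SESSION['password'];

// The plaintext password is only needed for the hash below; drop it from the
// session now so it does not outlive this request.
unset($_SESSION['password']);

// Get the user from the DB.
$query = "SELECT w_email, pass, salt
        FROM workertrack.worker
        WHERE w_email = '$username';";

$result = $connection->execute_query($query);   // result gets the info from the DB

// A failed query (false) and an unknown user both end the login. The same
// redirect is used here and for a wrong password, so the response does not
// reveal whether the e-mail address exists.
if ($result === false || mysql_num_rows($result) < 1) {
    $_SESSION['login'] = 0;
    header('Location: LoginResult.php');
    exit;
}

$userData = mysql_fetch_array($result, MYSQL_ASSOC);

// crypt() with the stored salt reproduces the stored hash scheme. A row with a
// missing salt or hash cannot be verified and counts as a failed login. crypt()
// signals failure by returning a string shorter than 13 characters.
$hash = isset($userData['salt'], $userData['pass'])
    ? crypt($password, $userData['salt'])
    : false;

// hash_equals() is a constant-time comparison and never falls back to the
// loose (==) comparison the original used; the known (stored) value goes first.
if ($hash === false || strlen($hash) < 13 || !hash_equals($userData['pass'], $hash)) {
    $_SESSION['login'] = 0;
    header('Location: LoginResult.php');
    exit;
}

// Successful login: issue a fresh session id so that a session id established
// before authentication is not carried over into the authenticated session.
session_regenerate_id(true);
$_SESSION['login'] = 1;
header('Location: LoginResult.php');
exit;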